Python: [Generated by SRE Agent] Fix MCP allowed_tools empty list handling

python/packages/core/agent_framework/_mcp.py

@@ -228,7 +228,13 @@ def __init__(
             name: The name of the MCP tool.
             description: A description of the MCP tool.
             approval_mode: Whether approval is required to run tools.
-            allowed_tools: A collection of tool names to allow.
+            allowed_tools: Optional allow-list of MCP tool names to expose as functions.
+                ``None`` (the default) exposes every tool advertised by the MCP server.
+                A non-empty collection exposes only the tools whose names appear in it.
+                An empty collection (``[]``) exposes no tools — if you simply want to
+                disable tool execution, prefer ``load_tools=False`` instead. ``[]`` is
+                useful as a runtime guard or when you want to load tool metadata for
+                inspection without exposing the tools for invocation.
             tool_name_prefix: Optional prefix to prepend to exposed MCP function names.
             load_tools: Whether to load tools from the MCP server.
             parse_tool_results: An optional callable with signature
@@ -544,7 +550,7 @@ def _prepare_message_for_mcp(
     @property
     def functions(self) -> list[FunctionTool]:
         """Get the list of functions that are allowed."""
-        if not self.allowed_tools:
+        if self.allowed_tools is None:
             return self._functions
         allowed_names = set(self.allowed_tools)
         filtered_functions: list[FunctionTool] = []
@@ -1592,7 +1598,13 @@ def __init__(
                 - A dict with keys `always_require_approval` or `never_require_approval`,
                   followed by a sequence of strings with the names of the relevant tools.
                 A tool should not be listed in both, if so, it will require approval.
-            allowed_tools: A list of tools that are allowed to use this tool.
+            allowed_tools: Optional allow-list of MCP tool names to expose as functions.
+                ``None`` (the default) exposes every tool advertised by the MCP server.
+                A non-empty collection exposes only the tools whose names appear in it.
+                An empty collection (``[]``) exposes no tools — if you simply want to
+                disable tool execution, prefer ``load_tools=False`` instead. ``[]`` is
+                useful as a runtime guard or when you want to load tool metadata for
+                inspection without exposing the tools for invocation.
             additional_properties: Additional properties.
             args: The arguments to pass to the command.
             env: The environment variables to set for the command.
@@ -1726,7 +1738,13 @@ def __init__(
                 - A dict with keys `always_require_approval` or `never_require_approval`,
                   followed by a sequence of strings with the names of the relevant tools.
                 A tool should not be listed in both, if so, it will require approval.
-            allowed_tools: A list of tools that are allowed to use this tool.
+            allowed_tools: Optional allow-list of MCP tool names to expose as functions.
+                ``None`` (the default) exposes every tool advertised by the MCP server.
+                A non-empty collection exposes only the tools whose names appear in it.
+                An empty collection (``[]``) exposes no tools — if you simply want to
+                disable tool execution, prefer ``load_tools=False`` instead. ``[]`` is
+                useful as a runtime guard or when you want to load tool metadata for
+                inspection without exposing the tools for invocation.
             additional_properties: Additional properties.
             terminate_on_close: Close the transport when the MCP client is terminated.
             client: The chat client to use for sampling.
@@ -1901,7 +1919,13 @@ def __init__(
                 - A dict with keys `always_require_approval` or `never_require_approval`,
                   followed by a sequence of strings with the names of the relevant tools.
                 A tool should not be listed in both, if so, it will require approval.
-            allowed_tools: A list of tools that are allowed to use this tool.
+            allowed_tools: Optional allow-list of MCP tool names to expose as functions.
+                ``None`` (the default) exposes every tool advertised by the MCP server.
+                A non-empty collection exposes only the tools whose names appear in it.
+                An empty collection (``[]``) exposes no tools — if you simply want to
+                disable tool execution, prefer ``load_tools=False`` instead. ``[]`` is
+                useful as a runtime guard or when you want to load tool metadata for
+                inspection without exposing the tools for invocation.
             additional_properties: Additional properties.
             client: The chat client to use for sampling.
             kwargs: Any extra arguments to pass to the WebSocket client.

python/packages/core/tests/core/test_mcp.py

@@ -1465,6 +1465,7 @@ def test_mcp_tool_approval_mode_returns_none_for_unmatched_names() -> None:
             3,
             ["tool_one", "tool_two", "tool_three"],
         ),  # None means all tools are allowed
+        ([], 0, []),  # Empty list means no tools are allowed
         (["tool_one"], 1, ["tool_one"]),  # Only tool_one is allowed
         (
             ["tool_one", "tool_three"],